Peter Marschall wrote:
> Hi,
>
> On Wednesday, 8. February 2012, Quanah Gibson-Mount wrote:
>> I would also generally advise using something more secure than GnuTLS,
>> such as OpenSSL, to link OpenLDAP to.
>
> Quanah, as you refer to GnuTLS being buggy, can you give a reference?

This is the most recent example I can recall, there are plenty of others.

https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/423252

Stuff like this has bearing on the other recent email thread here

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514807

That bug has over 200 comments on it; this one is directly relevant to our topic:

http://groups.google.com/group/linux.debian.bugs.dist/msg/8fec96a62571d6e9?pli=1

We hit that here

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5991

and also ITS#5992

GnuTLS is not simply *buggy* - it is poorly designed, and the design choices they've made continue to (and will continue to) cause usability issues indefinitely.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/